Pegasystems announced the general availability of Pega Infinity ’24.1™.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
The acquisition enables Drata to monitor compliance both before and after code is deployed to production. This capability, called Compliance as Code, will be demonstrated at RSA, May 6-9 in San Francisco.
Acquiring oak9 and launching Compliance as Code in Drata now equips thousands of DevSecOps, GRC, and engineering teams with the power to identify and remediate potential compliance violations as code is developed, instead of after it's deployed. GRC teams are routinely challenged to address compliance issues after changes are already in Production, creating a backlog of issues to address after deployment. As DevOps teams grow bigger and more complex, the need to "shift left", to address these compliance gaps earlier in the SDLC, has significantly increased in order to maintain compliance standards without sacrificing speed of development. Oak9 specialized in infrastructure-as-code to build security and compliance into cloud native applications as they are developed, and offered a catalog of out-of-the-box blueprints that ensured that customers can meet their security and compliance objectives for any architecture on any cloud provider.
"It's time to break down infrastructure and GRC silos to stop the cycle of costly and repetitive compliance remediation work. This is the future of compliance automation and GRC and it's here now," said Adam Markowitz, Drata Co-Founder and CEO. "Drata Compliance as Code empowers developers, engineers, and GRC teams to save countless hours by shifting compliance left in the SDLC, collectively improving security and code quality while fostering a culture of continuous compliance."
Integrating oak9's software brings Drata into crucial areas of the SDLC where changes happen, including the code repository, and the continuous integration and continuous delivery/deployment (CI/CD) pipeline. Pre-built tests map to an organization's compliance requirements by scanning their infrastructure code and flag gaps and anomalies with key details for the GRC team to resolve. Now, GRC teams will have shared visibility into their cloud infrastructure and be able to identify failing controls within the code before it ever makes it into production, creating more efficiency and confidence leading up to an audit.
"Oak9's mission from day one has been to address critical security gaps throughout the software development lifecycle, including gaps with compliance, which is all too often viewed as an afterthought. That mindset can be costly for the entire organization," said Om Vyas, Co-Founder and CEO of oak9. "Being integrated into Drata's platform is exceptional validation of our team's commitment to realizing this mission. This sets a new standard in how teams tackle cloud native security and compliance."
Industry News
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.
Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.
Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.
NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.
IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.
StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.
GitKraken acquired code health innovator, CodeSee.
ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.